Standalone 3D Secure 2.x

Standalone 3-D Secure 2

Besides executing 3-D Secure with a regular payment, it is also possible to perform a 3-D Secure request as a standalone asynchronous flow using Server-to-Server.

NOTE: You must be fully PCI compliant if you wish to perform a standalone 3-D Secure request (as it requires you to collect card data). If you are not fully PCI compliant, you can use COPYandPAY to perform the 3-D Secure request as part of the payment.

How it works

Send a 3-D request

Send a Server-to-Server request to the 3-D Secure endpoint.

Handle Response

Method Data and Method URL are not always returned by the issuer. It is an optional step, but if it's returned it's important to handle it properly.

Get the 3-D request status

Based on the details returned make a decision on whether to proceed with the payment.


1. Send a 3-D request

Use the /v1/threeDSecure endpoint to initiate a standalone 3-D Secure authentication flow.

2. How to handle the responses

Method Data and Method URL are not always returned by the issuer. It is an optional step, but if it's returned it's important to handle it properly. For OPP Server-to-Server and XML Server-to-Server, the handling of the methodUrl and methodData must be done by the integrator. Integrators using OPP COPYandPAY will benefit from the COPYandPAY in-build javascript engine which will handle the methodUrl and methodData automatically. Following steps have to be executed for OPP Server-to-Server and XML Server-to-Server after receiving the the gateway response on the initial request. Open a hidden iframe and post data to the methodURL

1. Open a hidden iframe and post data to the methodURL

<form name='' action='preconditions.url' method='POST'>
    <INPUT type='hidden' name='preconditions.parameters[].name' value='preconditions.parameters[].value'>
</form>
<script>
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>

2. Redirect the shopper within and iframe to the redirect URL if onLoad event received from 1.

<form name='' action='redirect.URL' method='POST'>
    <INPUT type='hidden' name='redirect.parameters[].name' value='redirect.parameters[].value'>
</form>
<script>
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>

3. Get the 3-D request status

Use the /v1/threeDSecure/{id} endpoint to get detailed information about the 3-D Secure request.